Singapore: PDPC publishes best practices guide and checklists for IT systems
The Personal Data Protection Commission ('PDPC') published, on 14 September 2021, a series of resources for ICT systems, including a guide to data protection practices and a handbook on guarding against common types of data breaches together with checklists. In particular, the guide compiles best practices from past PDPC advisories which organisations can incorporate into their ICT policies, systems, and processes. More specifically, the guide outlines the following areas of concern for each stage of the data lifecycle:
- policies and risk management practices;
- ICT control measures; and
- standard operating procedures and ICT operations.
Separately, the handbook identifies common gaps in ICT system management and processes that often result in data breaches, as well as measures to address such gaps. In addition, the checklists aim to help organisations review and ensure that policies, technology controls, and processes applicable to their business operations have been put in place.